Bug 1176719

Summary: [SOUP] [GnuTLS] Don't use a SSL3.0 record version in client hello.
Product: Red Hat Enterprise Linux 6 Reporter: Bryan Totty <btotty>
Component: glib-networkingAssignee: Tomas Popela <tpopela>
Status: CLOSED ERRATA QA Contact: Desktop QE <desktop-qa-list>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.5CC: danw, sbeal, tpelka, tpopela
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: glib-networking-2.28.6.1-2.3.el6 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-21 09:02:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 975457    
Bug Blocks: 1172231, 1269194, 1363705    

Description Bryan Totty 2014-12-22 22:59:20 UTC 
Request to fix: https://bugs.webkit.org/show_bug.cgi?id=138794 in RHEL 6.

-----
Reported here: https://lists.webkit.org/pipermail/webkit-gtk/2014-November/002134.html and followed with the gnutls developers here: http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html

Some sites ( for example: https://www.pge.com/eum/login ) are banning SSL 3.0 record packet versions, and GnuTLS uses by default a a SSL 3.0 version record in client hello to advertise TLS (even when SSL 3.0 is disabled). Doc: http://gnutls.org/manual/html_node/Priority-Strings.html#tab_003aprio_002dspecial1
-----
Comment 1 Bryan Totty 2014-12-23 16:16:01 UTC 
[root@server ~]# gnutls-cli-debug svn.example.com
Resolving 'svn.example.com'...
Connecting to '10.10.1.1:443'...
Error in %INITIAL_SAFE_RENEGOTIATION
Checking for Safe renegotiation support...
Comment 11 errata-xmlrpc 2017-03-21 09:02:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2017-0567.html